LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - News > Syndicated Linux News
User Name
Password
Syndicated Linux News This forum is for the discussion of Syndicated Linux News stories.

Notices


Reply
  Search this Thread
Old 02-21-2016, 07:50 AM   #1
LXer
LXer NewsBot
 
Registered: Dec 2005
Posts: 99,863

Rep: Reputation: 102Reputation: 102
LXer: Pay Attention! Linux Mint 17.3 ISOs Were Hacked On 20th February -- Check If You Are Infected Or Not


Published at LXer:

Here is a bad news coming from Linux Mint. Today Clem, member of Linux Mint community posted that ISOs of Linux Mint 17.3 were hacked on 20th of February, 2016. Yes! You heard that right. It's something that teaches lesson to all those who don't check MD5 hash to confirm that the image they downloaded are original and not hacked one. Well if you downloaded Linux Mint 17.3 then you should immediately do the following things to be safe.

Read More...
 
Old 02-21-2016, 08:45 AM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: High Sierra
Posts: 9,117
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition.

If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn’t affect you either.

The valid signatures are below:
Code:
6e7f7e03500747c6c3bfece2c9c8394f  linuxmint-17.3-cinnamon-32bit.iso
e71a2aad8b58605e906dbea444dc4983  linuxmint-17.3-cinnamon-64bit.iso
30fef1aa1134c5f3778c77c4417f7238  linuxmint-17.3-cinnamon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc7c2ccd  linuxmint-17.3-cinnamon-nocodecs-64bit.iso
df38af96e99726bb0a1ef3e5cd47563d  linuxmint-17.3-cinnamon-oem-64bit.iso
Since they aren't signed, I take issue with the use of the term "signature" vs. digest.

“Once in the live session, if there is a file in /var/lib/man.cy, then this is an infected ISO.”

Last edited by Habitual; 02-21-2016 at 08:53 AM.
 
Old 02-21-2016, 09:57 AM   #3
rokytnji
LQ Veteran
 
Registered: Mar 2008
Location: Waaaaay out West Texas
Distribution: AntiX 17
Posts: 5,536
Blog Entries: 20

Rep: Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628
How many threads where you asked Habitiual. "Did you md5sum check your downloaded iso"

Your reply from the thread starter would be. "No. What's That? Should I?"
This just bears out that md5sum is more than just checking for a corrupted file because of a flaky internet connection.

I do it religiously out of habit. I never realized it would be good for something like this also.
 
Old 02-21-2016, 10:48 AM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: High Sierra
Posts: 9,117
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by rokytnji View Post
How many threads where you asked Habitiual. "Did you md5sum check your downloaded iso"

Your reply from the thread starter would be. "No. What's That? Should I?"
This just bears out that md5sum is more than just checking for a corrupted file because of a flaky internet connection.

I do it religiously out of habit. I never realized it would be good for something like this also.
John or "JJ" please...
Quite a few. It's the first thing to check when sh*t don't act right.
And I always check and then google the digest to get a feel for what I've got. If google don't hit, I then verify against published
values by the originators of the image.

I may have issue with use of the word "signature" but not it's practice via md5sum.
But I am not about to try and correct Clem.
 
Old 02-21-2016, 12:57 PM   #5
rokytnji
LQ Veteran
 
Registered: Mar 2008
Location: Waaaaay out West Texas
Distribution: AntiX 17
Posts: 5,536
Blog Entries: 20

Rep: Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628Reputation: 2628
Quote:
But I am not about to try and correct Clem.
Me neither.


Quote:
John or "JJ" please...
Okey Dokey JJ.

This issue makes me wonder how many fish got hooked by this hack?
Kinda a wonderment thing for me. Since Mint is so popular and all. I only roll with Mint Mate 17 myself on my Samsung RV510 Bike tuner laptop that dualboots with Windows 10.
 
Old 02-21-2016, 01:36 PM   #6
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1|.2}
Posts: 4,690
Blog Entries: 6

Rep: Reputation: 2562Reputation: 2562Reputation: 2562Reputation: 2562Reputation: 2562Reputation: 2562Reputation: 2562Reputation: 2562Reputation: 2562Reputation: 2562Reputation: 2562
It was yet... another... one... more... time... wordpress exploit.

The repos were not compromised but the download link itself was changed to point to the compromised ISOs.

At least they are taking it seriously and have taken the server down (after the second intrusion event).

I know there are a lot of wordpress sites and users, but honestly, building a wordpress site in 2016 is like posting a target on the front page that says "Hit me now, or hit me later!".

But the real danger today is the sheer scale of the attacks - the number of bots, the ease of their deployment and control, the vast resources applied to finding and exploiting vulnerable sites, code, frameworks, firmware, configurations, etc., etc...

There is and never will be perfect code. Just as you cannot build a perfectly safe automobile capable of safely taking a family picnic in a Mad Max world, we cannot build code and systems that can survive the current web environment. We can harden, improve and adapt, but we cannot win with that strategy...

The winning strategy...? The same as it always is, sorry to say - grab a history book and a nearby implement of destruction...
 
Old 02-23-2016, 01:11 PM   #7
TxLonghorn
Member
 
Registered: Feb 2004
Location: Austin Texas
Distribution: Mandrake 9.2
Posts: 702

Rep: Reputation: 231Reputation: 231Reputation: 231
linuxmint.com is back online - with .iso downloads available.
forums.linuxmint.com still down.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Yet Another Reason to Pay Attention... and the Price You Pay When You Don't tronayne Slackware 25 06-18-2015 07:27 AM
pay attention to the package of 'mint-mirrors' touch21st Linux Mint 6 02-17-2014 06:46 AM
LXer: As Oracle axes support for GlassFish, MySQL users might want to pay attention LXer Syndicated Linux News 0 11-18-2013 03:20 AM
LXer: Now, pay attention to the latest Calculate Linux 11.9 LXer Syndicated Linux News 0 10-05-2011 06:40 PM
LQ Security Report - February 20th 2005 Capt_Caveman Linux - Security 4 02-20-2005 11:16 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - News > Syndicated Linux News

All times are GMT -5. The time now is 08:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration